Sophos knowledgebase advisories
https://www.sophos.com/en-us/rss/knowledgebase/latest-knowledgebase-advisories.aspx
en, 18 Jan 2019

Sophos Anti-Virus for Linux /UNIX: Running and Configuring on-demand scans
https://community.sophos.com/kb//133398.aspx
18 Jan 2019
An on-demand scan is a scan that you initiate. You can scan anything from a single file to everything on your computer that you have permission to read.

Advisory - Sophos Web Appliance may hang during upgrade to v4.3.7
https://community.sophos.com/kb//133404.aspx
17 Jan 2019
Some customers are reporting device hangs when upgrading to v4.3.7

Sophos Anti-virus for Linux: Start and stop commands
https://community.sophos.com/kb//133173.aspx
17 Jan 2019
This article describes the commands to start and stop Sophos Anti-virus processes on Linux and UNIX installations

Phish Threat V2: Campaign domains were not resolvable
https://community.sophos.com/kb//133389.aspx
16 Jan 2019
Users clicking on campaign links were presented with an unresolvable domain page. This is now resolved

Sophos XG Firewall: How to set the MSS value for remote network(s)
https://community.sophos.com/kb//133374.aspx
12 Jan 2019
Some remote network(s) may have problems or requirements that the packets that get sent through the IPSec tunnel are of a certain size.

Sophos Anti-Virus for Linux: System requirements
https://community.sophos.com/kb//16819.aspx
11 Jan 2019
This article lists the system requirements of the Sophos Central managed and on-premises versions of Sophos Anti-Virus for Linux.

Sophos Anti-Virus for UNIX: System reports not found or cannot load library error
https://community.sophos.com/kb//10151.aspx
11 Jan 2019
If your system returns not found or cannot load library messages when you try to run Sophos Anti-Virus for UNIX/Linux, you probably need to change your system settings.

How to investigate C2/Generic-C Detection
https://community.sophos.com/kb//133271.aspx
11 Jan 2019
This article provides guidance on how to investigate C2/Generic-C detection on a Sophos protected endpoint.

Sophos XG Firewall: Security Heartbeat registration problems
https://community.sophos.com/kb//133367.aspx
11 Jan 2019
This article shows you how to fix a half-registered Security Heartbeat module

Sophos XG Firewall: How to disable the HTTP TRACE/TRACK function when using the WAF module of the XG.
https://community.sophos.com/kb//133363.aspx
10 Jan 2019
This article shows how to disable the HTTP TRACE/TRACK function when using the WAF module of the XG.

Sophos Anti-Virus for Linux : Communication with Central Update Server uses HTTPS by default
https://community.sophos.com/kb//132236.aspx
09 Jan 2019
From Sophos Anti-Virus for Linux version 10.4, and Central managed 9.14.2 Sophos Anti-Virus uses HTTPS by default to communicate with the configured Update Server

Can my UNIX or Linux computer become infected with a virus?
https://community.sophos.com/kb//10142.aspx
09 Jan 2019
Few viruses are currently known for UNIX or Linux. However, virus checking is necessary as UNIX or Linux computers act as servers for non-UNIX workstations, UNIX computers are often used as mail servers and UNIX computers may run a PC emulator which may be affected.

Advisory - Sophos UTM: RED-W wireless becomes inactive after updating to 9.6
https://community.sophos.com/kb//133346.aspx
08 Jan 2019
RED AP wireless becomes inactive, which can potentially cause high CPU usage due to retries.

Sophos Anti-Virus for Linux/Unix: Central configuration of the Remote Management System
https://community.sophos.com/kb//118533.aspx
08 Jan 2019
Changing the ParentAddress / ParentRouterAddress centrally

Sophos Anti-Virus for Linux: How to roll out a custom TBP to multiple computers
https://community.sophos.com/kb//118374.aspx
07 Jan 2019
Sophos does not provide TBPs (Talpa Binary Packs) for all Linux kernels. This article describes how to install the necessary prerequisites and create TBPs for other kernels, without the need to install additional tools on each computer.

PureMessage for Microsoft Exchange: Error 0x80070005 displayed when opening a PureMessage remote console
https://community.sophos.com/kb//30193.aspx
07 Jan 2019
The user who is trying to log in is not a member of the group Sophos PureMessage Administrators.

Information on Sophos SAVDI release 2.6.0
https://community.sophos.com/kb//127242.aspx
06 Jan 2019
Release of Sophos Anti-Virus Dynamic Interface 2.6.0 on 2nd August 2017

Trouble logging into Sophos Central Firewall Manager
https://community.sophos.com/kb//133321.aspx
03 Jan 2019
Logon to Sophos Central Firewall Manager is problematic.

Sophos Security Advisory for Sophos Central Server: Message Relay
https://community.sophos.com/kb//132571.aspx
18 Dec 2018
Sophos is aware of vulnerabilities that have been reported in certain Apache modules.

Sophos Anti-Virus for Linux: How to verify if Sophos anti-virus is correctly installed
https://community.sophos.com/kb//127977.aspx
18 Dec 2018
How to verify that Sophos is properly installed on the Linux machine

Sophos Cloud Migration Tool v1.0.x fails to connect to Sophos Central
https://community.sophos.com/kb//133263.aspx
13 Dec 2018
This article provides further information on an issue connecting to Sophos Central when accessing the Cloud Migration Tool

Resolved - Sophos Advisory: Update - between Saturday December 8th, 2018 and Monday Dec 10th - newly registered XG firewall evaluations were not visible in Sophos Central Partner Portal Dashboard
https://community.sophos.com/kb//133257.aspx
12 Dec 2018
Resolved - Sophos Advisory: Update - between Saturday December 8th, 2018 and Monday Dec 10th - newly registered XG firewall evaluations were not visible in Sophos Central Partner Portal Dashboard

Upgrade paths for SFOS when SFOS is managed by Sophos Firewall Manager or Sophos Central Firewall Manager
https://community.sophos.com/kb//133216.aspx
05 Dec 2018
This document shows the available versions that will be presented to administrators when performing updates on SFOS managed appliances.

Advisory: Talos identifies vulnerability on HitmanPro.Alert
https://community.sophos.com/kb//133007.aspx
28 Nov 2018
Cisco Talos responsibly disclosed two vulnerabilities with the Sophos HitmanPro.Alert program.

Sophos Anti-Virus for Linux: How to install when /tmp is mounted as noexec
https://community.sophos.com/kb//131783.aspx
27 Nov 2018
There are two options to install the Sophos anti-virus for Linux when /tmp is mounted as noexec

Sophos Anti-Virus for Linux: Talpa Binary Pack update is triggered when a new Binary Pack is required after a Linux kernel update
https://community.sophos.com/kb//132228.aspx
27 Nov 2018
With Sophos anti-virus 9.15.0/10.4.0, Talpa Binary pack is updated when it is required after a Linux kernel update whether or not a new Sophos anti-virus IDE has flagged for an update

Advisory: Kernel memory issue affecting multiple OS (aka F**CKWIT, KAISER, KPTI, Meltdown and Spectre)
https://community.sophos.com/kb//128053.aspx
21 Nov 2018
Sophos is aware of the Kernel memory leak issues being discussed in the media, and which are addressed in patches that were released ahead of schedule by Microsoft on 03 Jan 2018, as well as by patches to Apple and Linux. This article will continue to be updated when new information becomes available.

Sophos Anti-Virus for Linux: Suggested on-access exclusions on an Oracle Database server
https://community.sophos.com/kb//133082.aspx
20 Nov 2018
Suggested Sophos anti-virus exclusions on a Linux server installed with Oracle Database

Sophos Antivirus for Linux: Limited Support for RHEL 6 during Extended Life Phase (Japan only)
https://community.sophos.com/kb//132124.aspx
20 Nov 2018
Red Hat Enterprise Linux 6 will reach End of Production Support from Red Hat on 30 November 2020. Thereafter, Sophos plans to provide Limited Support for Sophos Antivirus for RHEL 6 during Red Hat’s Extended Life Phase (ELP).

Sophos Antivirus for Linux: Docker containers support
https://community.sophos.com/kb//126006.aspx
16 Nov 2018
List of Linux distributions supported for Docker container scanning by SAV Linux 9.13.0

Advisory: Bleedingbit vulnerabilities do not affect Sophos Access Points
https://community.sophos.com/kb//133050.aspx
13 Nov 2018
A set of two new zero day vulnerabilities have been announced which could cause various access points (APs) with BLE protocol enabled to be exposed to remote code execution attacks.

Using mkinstpkg to create deployment packages for Sophos Anti-Virus for Linux, v 9
https://community.sophos.com/kb//118218.aspx
09 Nov 2018
Creating a pre-configured installation package for Sophos Anti-Virus

Advisory: Sophos Central Managed Servers consume Intercept X Advanced for Server licenses though features are disabled
https://community.sophos.com/kb//133003.aspx
08 Nov 2018
Servers consume Intercept X Advanced licenses even though all Intercept X Advanced features are disabled in the Threat Prevention Policy

Sophos PureMessage for Microsoft Exchange - Support for Windows Server 2016 Datacenter
https://community.sophos.com/kb//131992.aspx
06 Nov 2018
Windows Server 2016 Datacenter is incompatible with PureMessage for Microsoft Exchange

Sophos Puremessage for Unix fails to update with Permission denied randomly
https://community.sophos.com/kb//133047.aspx
01 Nov 2018
Sophos Puremessage for Unix fails to update with Permission denied randomly

RESOLVED Advisory: Sophos Central Email Held for a small number of customer email accounts
https://community.sophos.com/kb//133032.aspx
01 Nov 2018
Advisory: Sophos Central Email Held for a small number of customer email accounts

MacOS: Secure Kernel Extension Loading troubleshooting
https://community.sophos.com/kb//132813.aspx
31 Oct 2018
This article has troubleshooting steps if SKEL on MacOS is not functioning properly

Sophos XG Firewall: Protect against UDP Amplification Attack - TA14-017A
https://community.sophos.com/kb//132976.aspx
31 Oct 2018
This article describes the steps to help protect against UDP Amplification Attack - TA14-017A.

Advisory: Sudden increase in ROP alerts for Office 2013 32-bit Click-to-run Applications an update to Sophos Intercept X and Exploit Prevention
https://community.sophos.com/kb//132953.aspx
25 Oct 2018
Sudden increase in ROP alerts for Office 2013 Applications

Sophos XG Firewall: Static Key Ciphers and vulnerability scanners
https://community.sophos.com/kb//132973.aspx
23 Oct 2018
Static Key Ciphers Vulnerability being reported when running Rapid 7 Nexpose scanner.

Sophos Anti-Virus for Linux: Support for minor releases of RHEL, CentOS and Oracle Linux
https://community.sophos.com/kb//132694.aspx
18 Oct 2018
This article describes the Sophos Anti-Virus for Linux support for minor releases of different Linux distributions.

Sophos response to the alleged hardware infiltration of Super Micro manufactured motherboards by China
https://community.sophos.com/kb//132895.aspx
12 Oct 2018
Sophos continues to investigate this across all Sophos products.

Advisory: Sophos XG Firewall CVE-2018-5389
https://community.sophos.com/kb//132789.aspx
11 Oct 2018
This article explains that the Sophos XG Firewall is not affected by CVE-2018-5389, a vulnerability with IPsec Internet Key Exchange (IKE) v1.

Sophos Anti-Virus for Linux: Recommendations for On-Access scanning with Nautilus file browser
https://community.sophos.com/kb//118982.aspx
03 Oct 2018
Sophos recommends pre-mounting remote shares using a different filesystem.

Advisory: Oct 3, 2018 Central Phishing threat web interface is experience performance issues
https://community.sophos.com/kb//132855.aspx
03 Oct 2018
Advisory: Oct 3, 2018 Central Phishing threat web interface is experience performance issues

[Advisory]: MSP licenses are showing expired in Sophos UTM Manager
https://community.sophos.com/kb//132837.aspx
02 Oct 2018
UTM licenses that are controlled by Sophos UTM Manager (SUM) MSP licensing may have expired or be about to expire.

Advisory: Sophos Anti-Virus support for Apple MacOS 10.14 Mojave
https://community.sophos.com/kb//132812.aspx
26 Sep 2018
MacOS 10.14 is supported by 9.6.4 and above, but may require special steps to function fully.

Advisory: Sophos XG Firewall Vulnerabilities reported by Kaspersky Labs
https://community.sophos.com/kb//132637.aspx
18 Sep 2018
Two vulnerabilities in the Webadmin component and one vulnerability in the API configuration component of the Sophos XG Firewall operating system (SFOS) have been discovered.

Sophos XG Firewall, Sophos UTM, PureMessage for Unix, Sophos Web Appliance: OpenPGP/GPG detected as encrypted
https://community.sophos.com/kb//132007.aspx
14 Sep 2018
Sophos XG Firewall, Sophos UTM, PureMessage for Unix now detects OpenPGP/GPG

Sophos Anti-virus for Linux/Unix: Description of the diagnose log contents
https://community.sophos.com/kb//128014.aspx
28 Aug 2018
This article provides an overview of the logs and files collected by the /opt/sophos-av/bin/savdstatus --diagnose command.

CVE-2018-5390: SegmentSmack: kernel: tcp segments with random offsets may cause a remote denial of service
https://community.sophos.com/kb//132523.aspx
13 Aug 2018
This article explains that no Sophos products are affected by CVE-2018-5390.

Updates failing on Linux Endpoint when updating from Linux/Unix based CID hosted on parent Linux machine on 9.11.x.
https://community.sophos.com/kb//123484.aspx
09 Aug 2018
When updating from a CID hosted on another Linux machine on 9.11.0 + update errors reporting a failure to download engine files may be seen.

Advisory: PureMessage for Unix PMX is failing to install blocklist data
https://community.sophos.com/kb//132530.aspx
09 Aug 2018
Advisory: PureMessage for Unix PMX is failing to install blocklist data

SAV for UNIX (AIX) fails to update over UNC after upgrading to 9.14.0
https://community.sophos.com/kb//127884.aspx
08 Aug 2018
Due to a defect, UNC updating may break if an IPv6 address is present. Only impacts version 9.14.0.

Sophos Endpoint: How to enable and disable on-access driver logging
https://community.sophos.com/kb//15566.aspx
08 Aug 2018
This article describes how to enable and disable on-access driver logging for Sophos Anti-Virus.

Resolved Advisory: Reflexion- Delay in Inbound and Outbound Email Delivery
https://community.sophos.com/kb//132478.aspx
07 Aug 2018
Customers may have experienced a delay in receiving inbound and delivery of outbound emails for Reflexion.

Sophos Anti-Virus for Linux: mrouter temporarily incorrectly detected
https://community.sophos.com/kb//132440.aspx
25 Jul 2018
A small number of 3rd party security products temporarily and incorrectly detected mrouter as a malicious Linux process.

Sophos Anti-virus for UNIX: Migrating a protected UNIX server managed by Sophos Enterprise Console to a Standalone (unmanaged) implementation
https://community.sophos.com/kb//132063.aspx
24 Jul 2018
Support for managing Sophos Anti-virus for UNIX servers protected by Sophos Enterprise Console is due to end 31 December 2019. Sophos will continue to support standalone (unmanaged) deployments of Sophos Anti-virus for UNIX after this date.

Mal/Generic-S detection during Windows update (dnsapi.dll) - Resolved
https://community.sophos.com/kb//132417.aspx
18 Jul 2018
Mal/Generic-S detection during Windows update - Currently under investigation (dnsapi.dll)
Mal/Generic-S C:\Windows\winsxs\Temp\PendingRenames\d2c5a427ae1dd40121110000a0191c1b.x86_microsoft-windows-dns-client_31bf3856ad364e35_6.1.7601.24168_none_e4412749f9de6871_dnsapi.dll_c81f5791

Advisory: Sophos UTM http proxy stops working with Avira engine not available
https://community.sophos.com/kb//127434.aspx
04 Jul 2018
After an Avira pattern update the proxy failed because of a failed to load Avira engine error.

Windows Client Patch 1804 for SafeGuard products
https://community.sophos.com/kb//131934.aspx
03 Jul 2018
A set of Windows Client Patches for multiple SafeGuard products has been released to address a number of security issues.

Advisory: Issues you may experience after updating to UTM 9.3 and workarounds
https://community.sophos.com/kb//121643.aspx
27 Jun 2018
This article explains how to fix known issues found in the recently released 9.3.

Advisory: Following the release of Central Intercept X 2.0.5 (HitmanPro.Alert version .745) customers may encounter an Intruder or SafeBrowsing alert on Internet Explorer or Chrome
https://community.sophos.com/kb//132261.aspx
22 Jun 2018
Advisory: Following the release of Central Intercept X 2.0.5 (HitmanPro.Alert version .745) customers may encounter an Intruder or SafeBrowsing alert on Internet Explorer or Chrome

Advisory: Sophos Email Appliance high CPU on version 4.3.2.1 caused by SPX portal service
https://community.sophos.com/kb//132262.aspx
18 Jun 2018
Advisory: Sophos Email Appliance high CPU on version 4.3.2.1 caused by SPX portal service

Sophos Anti-Virus for Linux Heartbeat: Functional differences from Heartbeat for Sophos Anti-Virus for Windows
https://community.sophos.com/kb//126466.aspx
31 May 2018
A summary of the functional differences between Heartbeat for SAV for Linux in Central (version 10.2.0 +) and Heartbeat for SAV for Windows.

Update Cache log Error Opening Messages Information
https://community.sophos.com/kb//132176.aspx
29 May 2018
Errors in the Update Cache log may not indicate an issue. Some are harmless due to prepping for future features

Sophos Enterprise Console: does not start if TLS 1.0 is disabled on management server or SQL server
https://community.sophos.com/kb//126672.aspx
27 Apr 2018
TLS 1.0 is required on the Sophos Enterprise Console management server and SQL server.

Sophos Anti-Virus for Mac: Risk of privilege escalation when using the Sophos endpoint installer
https://community.sophos.com/kb//127252.aspx
29 Mar 2018
Secure the installation package first against tampering by unauthorized users then verify if it is a legitimate version of the installer to avoid the risk of privilege escalation.

Advisory: Samba Vulnerabilities CVE-2018-1050, CVE-2018-1057
https://community.sophos.com/kb//131829.aspx
15 Mar 2018
This article discusses the recently announced Samba vulnerabilities and their impact to Sophos products.

SAV: Hyper-V issues on Windows 10 version 1709
https://community.sophos.com/kb//127797.aspx
13 Mar 2018
We have had several reports of systems running the latest Windows 10 version 1709 having issues when trying to start Hyper-V. These can include system crashes or service launch problems. This occurs if the Sophos AV is present on the system.

Advisory: How to block JavaScript cryptominers
https://community.sophos.com/kb//127988.aspx
22 Feb 2018
This article provides instructions on how to ensure protection against JavaScript cryptominers hosted on a website, such as Coinhive.

Sophos Live Protection: Overview
https://community.sophos.com/kb//110921.aspx
07 Feb 2018
A brief description of what Sophos Live Protection is and the tasks that it performs.

Central Installs on Server 2008 and Vista failing with Thin Installer
https://community.sophos.com/kb//128167.aspx
31 Jan 2018
Due to a change made in Central that coincided with the release of the Thin Installer in January 2018, Windows Server 2008 and Windows Vista clients are failing new installs. In the Central status it may say "Installation Caught Bcrypt Algorithm not available". This is due to moving to a newer algorithm that is not supported on Server 2008 or Vista. Note: Server 2008 R2 is not impacted by this issue, as it has an updated Bcrypt library.

APC Violation exploits detected - Jan 12th 2018.
https://community.sophos.com/kb//128101.aspx
18 Jan 2018
Sophos is aware that a small number of customers have reported multiple detections of APC Violation exploits being detected in a variety of files, including SophosClean.

Sophos Anti-Virus for Unix: Work around for savlog --systemlog on HP-UX
https://community.sophos.com/kb//127982.aspx
12 Jan 2018
When running savlog --systemlog on HP-UX, it results in savlog failed: No such file or directory exists.

Advisory: Security update for users of Web Application Firewall (WAF) in Sophos XG Firewall
https://community.sophos.com/kb//128024.aspx
02 Jan 2018
A cross-site scripting (XSS) vulnerability within the WAF component of the Sophos XG Firewall operating system (SFOS) was discovered. The vulnerability, which was responsibly disclosed to Sophos, could be used for unauthenticated remote code execution. Our investigations have found no evidence of the vulnerability being exploited.

Advisory: SQL injection vulnerability on Cyberoam Firewall devices
https://community.sophos.com/kb//127958.aspx
20 Dec 2017
This article explains the reason for a security hotfix on Cyberoam Firewall devices.

Puremessage for Unix: New policy tests for MIME spec, preamble and epilogue length
https://community.sophos.com/kb//128013.aspx
19 Dec 2017
This article discusses the new policy tests that were added to PMX 6.4.1. The policy tests check if a message meets MIME type specifications, and can check the preamble and epilogue length of a message.

Advisory Sophos Wireless affected by WPA and WPA2 vulnerabilities with key reinstallation attacks (KRACKs)
https://community.sophos.com/kb//127658.aspx
08 Dec 2017
A vulnerability in the WPA2 protocol has been discovered and could allow an attacker to read encrypted information.

Advisory: SAV for AIX emergency release 9.14.1
https://community.sophos.com/kb//127953.aspx
07 Dec 2017
SAV update will fail on AIX if an IPv6 address is added to an IPv4 network adapter. This issue has been fixed in 9.14.1 for SAV for AIX.

Advisory: Sophos XG Firewall email fails to send to servers that only support TLS 1.0
https://community.sophos.com/kb//127745.aspx
05 Dec 2017
In v17, some recipient servers will fail to negotiate TLS connection and the email fails to send.

Advisory: Release of Windows Central Server 1.5.2 may trigger repeated BSoD
https://community.sophos.com/kb//127905.aspx
05 Dec 2017
This article provides further information on an issue seen following the recent Windows Central Server 1.5.2 release.

SAV error Event ID 13 - The requested component ICmanager is in a failure state the component will not be returned Failed to load the main virus data
https://community.sophos.com/kb//127677.aspx
01 Dec 2017
Sophos is aware of an issue affecting Chinese and Japanese installations of Sophos Anti-Virus. You may see errors relating to update Unknown.

SAV Linux/Unix. Error Cannot log on to parent router error: cannot determine whether the Certification Manager issues certificates with preferred hashing algorithm
https://community.sophos.com/kb//126678.aspx
01 Dec 2017
Diagnosis and resolution of the error Cannot log on to parent router error: cannot determine whether the Certification Manager issues certificates with preferred hashing algorithm

Sophos Cloud Web Gateway: iOS 11 agent deployments may fail with SCEP invalid response error
https://community.sophos.com/kb//127846.aspx
01 Dec 2017
Deployments of the CWG iOS agent profile to devices running iOS 11 may fail with an SCEP returned an invalid response error.

PureMessage for UNIX: How to upgrade to version 6.4 with Delay Queue
https://community.sophos.com/kb//127127.aspx
30 Nov 2017
This article explains the steps needed to upgrade PureMessage for UNIX to version 6.4 with the new Delay Queue feature.

PureMessage for Unix: FAQ for version 6.4 Delay Queue
https://community.sophos.com/kb//127126.aspx
27 Nov 2017
This article has a list of Frequently Asked Questions and links to answers for PureMessage for Unix version 6.4 and the new Delay Queue feature.

Advisory: Email Appliance and Puremessage for Unix installations reporting data update failures
https://community.sophos.com/kb//127853.aspx
27 Nov 2017
Email Appliance and Puremessage for Unix installations reporting data update failures

PureMessage for UNIX: Sample policy.siv file for Delay Queue
https://community.sophos.com/kb//127145.aspx
21 Nov 2017
This article provides a sample policy.siv file with delay queue related test and actions.

SAV for Linux / Unix - When the /tmp is low on space, .tgz files may report as corrupt if they cannot be extracted fully
https://community.sophos.com/kb//127766.aspx
08 Nov 2017
When the /tmp folder is low on space, .tgz files may report as corrupt when trying to scan them with archive scanning enabled

Microsoft Outlook DDE (also known as DDEAUTO) attack
https://community.sophos.com/kb//127711.aspx
02 Nov 2017
Sophos is aware of a new method of attack that allows the execution of malicious code on an email without the use of attachments or macros. This article provides information on how this attack works and on what to do to prevent this attack.

Bad Rabbit ransomware: What to do
https://community.sophos.com/kb//127730.aspx
02 Nov 2017
Sophos is aware of a widespread ransomware attack which is affecting several organizations in multiple countries known as Bad Rabbit. Initial reports are that it is mainly affecting Russian organisations, but other countries are affected as well.

Advisory: Google's QUIC protocol bypasses scanning on Sophos XG Firewall
https://community.sophos.com/kb//127719.aspx
25 Oct 2017
QUIC is an experimental networking protocol designed by Google to avoid latency and reduce network congestion. This article describes how to prevent Google's QUIC protocol from bypassing Web filtering of Google services including HTTPS Decryption, Sophos Sandstorm, Malware scanning and Content Filter scanning when accessing files in Google's Chrome Browser.

Advisory Infineon TPM vulnerability on BitLocker encrypted clients managed by SafeGuard BitLocker Client and Central Device Encryption
https://community.sophos.com/kb//127650.aspx
20 Oct 2017
Infineon announced in October 2017 that its Trusted Platform Modules (TPM) were generating insecure RSA keys. The article contains a list of affected vendors and outlines the impact of the issue when TPM was used to generate RSA key pairs for BitLocker encryption managed by Sophos SafeGuard Enterprise BitLocker Client and Sophos Central Device Encryption Client.

Sophos Central Wireless: Access Points may be displayed as Offline in Central Admin after upgrading to version 1.15
https://community.sophos.com/kb//127548.aspx
13 Oct 2017
In isolated cases Sophos Central access points may display as Offline in Central Admin after upgrading to the upcoming firmware version 1.15. If observed, wireless service on affected APs will be down until AP is re-registered.

PureMessage for UNIX: How Delay Queue works
https://community.sophos.com/kb//127129.aspx
22 Sep 2017
This article explains how the Delay Queue feature in PMX 6.4 works.

PureMessage for UNIX: How to read new log entries for Delay Queue
https://community.sophos.com/kb//127130.aspx
22 Sep 2017
This article explains how to read and interpret logs on PureMessage for the new Delay Queue feature.

PureMessage for UNIX: How to view the Sender History Database
https://community.sophos.com/kb//127131.aspx
22 Sep 2017
This article explains how to use the new DB commands to view the Sender History Database.

PureMessage for UNIX: How to check sizing requirements for the Redis server
https://community.sophos.com/kb//127144.aspx
22 Sep 2017
This article explains how to check the size requirements for the Redis server.

SMBv1 dependencies have been removed from all Sophos products as a response to Wanna ransomware
https://community.sophos.com/kb//126757.aspx
12 Sep 2017
There is no need to disable SMBv1 if your environments are patched. Please update to the latest versions for Sophos UTM, XG, Web Appliance, Anti-Virus for Linux and VShield and Virtual Environments

Information about Sophos products and new Apache Struts vulnerability CVE-2017-9805
https://community.sophos.com/kb//127388.aspx
07 Sep 2017
No Sophos products, websites or portals are affected.

Sophos Anti-Virus for Linux: How to transfer SophosInstall.sh for Cloud installer
https://community.sophos.com/kb//127375.aspx
05 Sep 2017
SophosInstall.sh for Cloud needs binary mode to transfer correctly.

Sophos Cloud Web Gateway: Delays in agent event logging and reporting during peak times
https://community.sophos.com/kb//126926.aspx
28 Aug 2017
Cloud Web Gateway agent event logs and reporting to the cloud can be significantly delayed during peak times. No fix or workaround is available at this time.

Advisory: Sophos UTM: HTTPProxy coredumps after Appctrl update
https://community.sophos.com/kb//127257.aspx
08 Aug 2017
Sophos UTM: HTTPProxy coredumps after Appctrl update

Corrupt or encrypted items quarantined by SAVDI when option set to disabled
https://community.sophos.com/kb//125689.aspx
14 Jun 2017
This article describes an issue where files resulting in corrupt, error or encrypted results are quarantined even when the option to block them is not enabled.

Wana Decrypt0r 2.0 Ransomware
https://community.sophos.com/kb//126733.aspx
22 May 2017
Wanna Decrypter 2.0 Ransomware

PCTI.DBVB.dll detected as Mal/Generic-S
https://community.sophos.com/kb//126776.aspx
18 May 2017
Incorrect detection on PCTI.DBVB.dll detected as Mal/Generic-S

Advisory: Recommended steps for the Poodle vulnerability in SMTP Proxy on the Sophos UTM
https://community.sophos.com/kb//121761.aspx
18 Sep 2015
This article provides the recommended steps for the Poodle vulnerability in SMTP Proxy on the Sophos UTM.

Advisory: OpenSSL Security Advisory [05 Jun 2014]
https://community.sophos.com/kb//121108.aspx
09 Sep 2015
How are Sophos products affected by the OpenSSL Project's disclosure of software defects on June 5th 2014?